THABACHWEU LOCAL MUNICIPALITY 


Anti-Virus Policy



The Thabachweu Local Municipality policies are statements of principles and practices dealing with the
ongoing management and administration of the Municipality's IT assets. These policies act as a guiding frame
of reference for how the Municipality deals with everything from its day-to-day IT operational and support
procedures to compliance with security regulations and codes of practice. This "statement of purpose" will
guide the actions to be taken to achieve that purpose.

1. Overview

The Thabachweu Municipality's intention in publishing an Anti-Virus policy is to establish the
requirements which must be met by all computers connected to the Municipality's network to ensure
effective virus detection and prevention.

This policy is an internal IT policy which defines the anti-virus policy on every computer including how 
often a virus scan is done, how often updates are done, what programs will be used to detect, prevent, 
and remove malware programs. It defines what types of file attachments are blocked at the mail
server and what anti-virus program will be run on the mail server. It may specify whether an anti-spam 
firewall will be used to provide additional protection to the mail server. It may also specify how files can 
enter the trusted network and how these files will be checked for hostile or unwanted content. 

2. Purpose 

The purpose of this Anti-Virus policy is to provide clarity on the base requirements that must be met by 
all computers connected to the Municipality's network to ensure effective virus detection and 
prevention. This policy applies to all the computers that are connected to the Thabachweu network 
regardless of ownership. This includes laptops, desktops and servers. 

3. Scope 

The Municipality will make use of a Dual-Homed Anti-Virus solution. The mobile computers and 
workstations will be running Symantec Anti-Virus Endpoint protection 12 and the servers will run 
Microsoft Bit Defender 2012 as an Anti-Virus client. The anti-virus software must be configured to 
operate in real time mode on all mobile client computers, workstations and servers. The anti-virus 
definitions updates on mobile computers and workstations may not be older than 14 days and on 
servers 5 days. Anti-virus scans will be configured to run once per week on mobile computers and
workstations and daily on servers. The installation and configuration of the software must be done in 
such a manner that it provides password protection against uninstalling the software or disabling the 
services. 

4. Email scanning & Spam filtering 


The Thabachweu Local Municipality makes use of an external service provider to host their e-mail data 
offsite. The external mail service provider (Brilliant) must provide written confirmation that they have 
adequate protection against malicious code and viruses to ensure the safety and availability of the 
Municipality's e-mail data. It is recommended that they have an active spam filter to prevent spam 
messages from reaching the Municipality. 

Every workstation will have the Microsoft Outlook Client installed and configured to ensure that all
e-mail sent or received is scanned and cleaned of any viruses or Trojan horses. When a virus or
malware is found in the e-mail the infected attachment will be deleted by default to prevent further 
infections. If the sender of the e-mail is known they must be notified immediately via telephone of the 
virus infection to take the necessary action. 

5. Guidelines

5.1. Unsecure attachments. 

The Anti-Virus client on the mobile computers and workstations must be configured in such a manner 
that they will block all attachments that can contain malicious code or Trojan horses. These files 
include but are not limited to: exe, bat, cmd, com, app, chm, inf, ins, mdb, mda, mdz and msc files. 

Do not depend on your anti-virus software on each computer to prevent these viruses. Viruses have a 
period of time when they spread unrecognized by anti-virus software. Blocking these file attachments 
will prevent many trouble calls. Give the users a workaround for your network to get some of their files
sent to other organizations. Your solution will depend on your network and the software that is being 
used to block the file attachments. In one case we renamed the file to another type and instructed the 
recipient to rename it back to the original name before using it. This will not work in all cases since 
some file blocking software senses the actual file type regardless of its named file extension. 
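
An added illustration, not part of the Municipality's policy or of any vendor's product: a mail attachment check that applies the section 5.1 extension list and also inspects the leading bytes of each file, so a blocked type sent under another name is still caught. The signature table, function names and sample message are assumptions constructed for this example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions listed in section 5.1 of the policy.
BLOCKED_EXT = {"exe", "bat", "cmd", "com", "app", "chm", "inf", "ins",
               "mdb", "mda", "mdz", "msc"}
# Leading bytes of some of those formats (assumption: well-known signatures,
# not taken from the policy). Script types such as bat/cmd have no signature.
MAGIC = {
    b"MZ": "exe",                               # DOS/PE executable
    b"ITSF": "chm",                             # compiled HTML help
    b"\x00\x01\x00\x00Standard Jet DB": "mdb",  # Access (Jet) database
}

def sniff(payload: bytes):
    """Return the blocked type the content starts with, or None."""
    for magic, kind in MAGIC.items():
        if payload.startswith(magic):
            return kind
    return None

def check_attachment(filename, payload: bytes):
    """Return (blocked, reason) for one attachment."""
    name = (filename or "").strip().rstrip(". ").lower()
    ext = name.rsplit(".", 1)[-1] if "." in name else ""
    if ext in BLOCKED_EXT:
        return True, f"extension .{ext}"
    kind = sniff(payload)
    if kind:
        return True, f"content is {kind} despite name {filename!r}"
    return False, "allowed"

def scan_message(raw: bytes):
    """Map attachment filename -> (blocked, reason) for a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {p.get_filename(): check_attachment(
                p.get_filename(), p.get_payload(decode=True) or b"")
            for p in msg.iter_attachments()}

def sample_message() -> bytes:
    """Constructed input: a renamed executable, a script and a text file."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.org", "b@example.org", "files"
    m.set_content("see attached")
    for name, data in [("report.txt", b"MZ\x90\x00fake-pe"),
                       ("Setup.BAT", b"@echo off\r\n"), ("notes.txt", b"hello")]:
        m.add_attachment(data, maintype="application",
                         subtype="octet-stream", filename=name)
    return m.as_bytes()
```
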

5.2. Block failure. 

When the Anti-Virus client fails to block an unsecure attachment via e-mail the following procedures 
must be followed to address the security risk. 

• Delete the email and notify the sender - This will notify senders when their emails do not go 
through, but it will also notify senders who really did not send an email (when a virus spoofed 
them as the sender) that they sent an email with an illegal attachment. This can cause
additional help desk requests and questions for the administrator on the spoofed sender's side.

• Delete the email and notify the sender and recipient - This would have all the drawbacks of the
above policy but would also increase help desk calls in your organization. 

• Remove the attachment and let the email go through - This would let the receiver know that
someone tried to send them an illegal attachment. If the attempt was a legitimate one, they 
could contact the sender and tell them what to do to get the attachment sent. This policy 
would very likely cause your organization's help desk calls to increase with users calling to ask 
questions about why someone is trying to send them these files. 

5.3. Internet protection (Proxy Server) 

Microsoft Bit Defender 2012 will be configured on the Microsoft Proxy server to scan incoming internet
traffic for Trojan horses and other malicious code. The installation and configuration must be done
in such a manner that it will detect and prevent intrusions into the Thabachweu network. It must
support intrusion prevention functionality.

Intrusion prevention systems (IPS), also known as intrusion detection and prevention systems 
(IDPS) are network security tools that monitor network and/or system activities for malicious 
activity. The main functions of intrusion prevention systems are to identify malicious activity, log 
information about said activity, attempt to block/stop activity, and report activity. 

Intrusion prevention systems are considered extensions of intrusion detection systems because 
they both monitor network traffic and/or system activities for malicious activity. The main
difference is that, unlike intrusion detection systems, intrusion prevention systems are placed in-line
and are able to actively prevent or block intrusions that are detected. More specifically, IPS can take
such actions as sending an alarm, dropping the malicious packets, resetting the connection and/or 
blocking the traffic from the offending IP address. 

5.4. Data sharing 

This policy governs the use of memory keys / data sticks and external drives. When data is moved 
or copied from one computer to another you must do a complete anti-virus scan of the device 
before the files are opened. This allows viruses that reside in a dormant state until a file is
opened to be detected, cleaned, removed, quarantined or deleted by the anti-virus software before
they can spread.

5.5. Infected files 

The anti-virus software for mobile computers and workstations must be configured in such a 
manner that when a virus, Trojan horse or malicious code is detected in a file, e-mail message or
internet download the anti-virus software must follow the predefined process below: 

• Try to clean the file by removing the virus, Trojan horse or malicious code. 

• If it fails to clean the infected file it must quarantine the infected file. 

• If it fails to quarantine the infected file it must delete the infected file. 

6. Corrective actions for non-policy compliance 

• Failure to comply with the guidelines stipulated in the Municipality's policies will result in the 
following corrective or disciplinary procedures. 

• The decisive action that will be taken against the employee is dependent on the severity level and 
the level of the security risk. 

• Warning from Management: 

o The employee receives a warning from their manager that they were in violation of policy. 

• Written Warning in Personnel File 

o The employee is reprimanded, and official notice is put in their personnel file. This may
have negative consequences during future performance reviews or promotion 
considerations. 

• Revoking Privileges 

o Access to certain resources, such as internet or email, can be revoked for a limited period 
providing that this action does not have a negative impact on the employee's job functions. 

• Training 

o Adequate training to create awareness and guidance on policy compliance. 

• Disciplinary action will be determined in compliance with Schedule 8 of the Labour Relations Act 66 of
1995 or other related Public Service Regulations. 

7. Glossary and Abbreviations 


Please refer to the Thabachweu Glossary and abbreviations guide. 